The Hidden Tracking Around Your Wrist

Analysis. Before you buy a wearable to track your health, then check whether you can trust the company behind the gadget. Products for the quantified-self-segment are a lucrative business growing rapidly, because they really are motivating to use. But most leak personal data that could be misused, few products protect your privacy – apart from two brands.

When I got my first fitness tracker – a rubber bracelet with a small chip in – to measure my steps and sleep, I happened to read the terms and conditions by the company behind the Fitbit. They made me suspicious; did this company have any data ethics at all? Not so sure, I went to fakenamegenerator.com to get myself a new identity for that specific purpose. I became Nanna H. Bach on Fitbit.com. I created an email address in the same name, but did not hook up to the company’s smartphone app, as that makes it impossible to hide my location. Instead, I used only my computer with a VPN-service on, so I could change my location / IP address. My goal was to track my daily number of steps and my sleep, and as I paid for Fitbit band around my wrist, I could not see any reason to also pay with my personal data.Today, four years later, Fitbit also measures both pulse and heartbeat, and has repeatedly proven that there was good reason to be skeptical about possible abuse of my personal data.

Location, location, location, they say in the real estate business. Location, location, location could mantra sounds data broker industry. And not least in the rapidly growing and lucrative ‘wearable industry’. The industry has the honorable purpose to spark our effort reaching a better shape. These wearables actual do spark that interest and they’re fun, inspiring and motivating to use and to compete with friends. But there is a good reason to be aware of what these portable data collectors also are. Most of them are like small ‘spies’ collecting massive amounts of sensitive personal data and often sharing them with others without asking for our explicit consent, which you must according to European legislation.

Goppling up our MAC addressesMany wearables doing so more than just making measurement tools available to us. They also send our data off to outsiders. According to a study by the Canadian non-profit Open Effect, both Fitbit and Garmin trackers allow others to gopple up MAC addresses from the bracelets. MAC stands for Media Access Control address’ and is a unique number that you have in smartphones and thus also in wearables. ‘Smart cities’ get MAC-addresses via chips in lampposts, walls and elsewhere from our phones using an open Bluetooth or Wi-Fi in order to measure traffic. However, the same can obviously be done with these wearables. A single MAC address is in its self not identifiable, but compilations of multiple MAC addresses can be linked to one and enriched with for example credit card purchases others can build profiles of us, experts tell the SF Chronicle.The study from the University of Toronto confirms that Fitbit and others have neglected to take privacy into account. Among the eight surveyed wearables, Apple Watch, Base Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Whiting Pulse O2, Mio Fuse and Xiaomi Mi Band, Apple Watch is the only tracker with no leakage of MAC addresses as described in a previous article.

The usable personal dataData can be used and abused depending on the eye of the beholder, for example. Data from wearables are used in divorce cases in the United States to prove adultery (where were you and were you active at night). They are used to prove that you have become less active after an accident or to document that an alleged rape victim was not raped.
In 2014, Fitbit demonstrated that the company had forgotten all about privacy, when a story broke about the fact that a simple google search could reveal Fitbit users who had registered their sexual activities on Fitbit. The data settings was defaulted to public, meaning that if a Fitbit user had inserted “hugging” or “kissing” as activities, that data could be found from a simple Google search. (This setting has now been changed.)

Fitbit also collaborates closely with the insurance industry in the United States, one of which even small minority are beginning to give customers lower premiums if they go with a tracker and prove that they are sufficiently active.

Two brands understandAt least one in six consumers (figures from 2014) are using a wearable. The use will undoubtedly increase because it is a motivator, so if you jump on the trend, it’s a good idea to choose a product that is safe and respectful of our privacy.

Apple Watch was the winner in the Canadian study, and Apple’s Tim Cook not only fight a principal FBI case, where FBI want to access an encrypted Apple phone. Cook also said about big data companies: “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”Besides Apple, there is Dutch TomTom, which has a sports tracker, a good bet. TomTom has focused on privacy in both their GPSer and their selvmålings-tool. The European company’s privacy policy is exemplary and says among other things: “We protect your data. Your data is yours. We keep it that way by protecting it as best as we reasonably can to prevent it from falling into the wrong hands.“